22 SEPTEMBER 2025

Rebalancing the economics of security with AI-driven delivery pipelines

Author: Adam Arellano

AI is transforming software delivery – and security is feeling the impact just as much as development. The same capabilities that help teams build and ship faster are also giving attackers unprecedented speed and scale. That shift is forcing engineering leaders to rethink how they protect applications in an AI-first world.


The shifting balance of security

Adversaries are using AI to tip the economics of cybercrime more in their favor. Tasks that previously required hours of manual effort – like scanning codebases for vulnerabilities, refining exploits, and crafting highly convincing phishing campaigns – can now be automated in just seconds.

  • The cost of launching an attack – both in dollars and effort – has dropped dramatically.
  • The potential damage has grown significantly.

With no influx of new resources coming into organizations, engineering leaders must look for other ways to even the odds. That’s why strategies like shift-left security, pipeline automation, and DevSecOps continue to come up during community discussions.

👉 The key question: How do we maximize the effectiveness of these approaches in an AI-driven threat landscape?


Deploy specialized agents to lend a hand

In the same way attackers use AI to find and exploit vulnerabilities in seconds, developers should be using those same capabilities to make their software secure by default.

Engineering leaders can support this by embedding specialized AI agents into their delivery pipelines.

For example, AI agents can:

  • Automatically scan for known vulnerabilities.
  • Test code against minimum standards for quality and security (SLOs).
  • Automate policy enforcement in pipelines to stop vulnerable code before it reaches production.

This keeps developers moving fast, with no manual checks to slow them down.


Apply automated governance to AI output

Automated policy enforcement is particularly important for teams using AI assistants like GitHub Copilot to speed up development.

⚠️ Risks with AI-generated code:

  • Models are trained on vast amounts of code, including insecure samples.
  • They can be manipulated to introduce vulnerabilities.
  • Gartner forecasts that by 2028, 25% of enterprise breaches will be attributed to AI agent abuse.

Since engineers can’t practically review every line of AI-generated code, automated testing is critical.

  • Treat AI-generated code with the same scrutiny as a junior developer’s output.
  • Use automated security and quality testing in pipelines to ensure rigorous governance without negating AI productivity gains.

This reduces friction and helps avoid the perception of security as a blocker on innovation.
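A pipeline policy gate of the kind described in this section and the previous one, as an added example (not code from Harness or from the author). The policy layout, the waiver fields and the `EXAMPLE-…` finding identifiers are constructed for illustration; the gate blocks at a severity threshold, honors only unexpired waivers, and fails closed on a severity it cannot rank.

```python
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed policy: block at "high" and above; every waiver names one finding and expires.
POLICY = {
    "block_at": "high",
    "waivers": [
        {"finding": "EXAMPLE-0002", "expires": date(2025, 1, 31), "reason": "vendor fix pending"},
        {"finding": "EXAMPLE-0003", "expires": date(2030, 1, 1), "reason": "code path not reachable"},
    ],
}

# Constructed scanner output (placeholder identifiers, not real advisories).
FINDINGS = [
    {"id": "EXAMPLE-0001", "severity": "medium", "component": "libfoo 1.2.0"},
    {"id": "EXAMPLE-0002", "severity": "critical", "component": "libbar 0.9.1"},
    {"id": "EXAMPLE-0003", "severity": "high", "component": "libbaz 3.4.0"},
    {"id": "EXAMPLE-0004", "severity": "unrated", "component": "libqux 2.0.0"},
]


def evaluate(findings, policy, today):
    """Return (allowed, blocking_ids, notes) for one pipeline run."""
    threshold = SEVERITY_RANK[policy["block_at"]]
    active = {w["finding"] for w in policy["waivers"] if w["expires"] >= today}
    expired = {w["finding"] for w in policy["waivers"] if w["expires"] < today}
    blocking, notes = [], []
    for f in findings:
        rank = SEVERITY_RANK.get(f["severity"].lower())
        if rank is None:
            # Fail closed: a severity the gate cannot rank blocks the release.
            blocking.append(f["id"])
            notes.append(f"{f['id']}: unknown severity {f['severity']!r}")
        elif rank >= threshold:
            if f["id"] in active:
                notes.append(f"{f['id']}: waived")
            else:
                blocking.append(f["id"])
                if f["id"] in expired:
                    notes.append(f"{f['id']}: waiver expired")
    return (not blocking, blocking, notes)


if __name__ == "__main__":
    allowed, blocking, notes = evaluate(FINDINGS, POLICY, date(2025, 9, 22))
    print("\n".join(notes))
    raise SystemExit(0 if allowed else 1)  # non-zero exit fails the pipeline stage
```

The same gate applies whether a change was written by a person or an AI assistant, which is the "same scrutiny" rule above expressed as code.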


Extend DevSecOps into production

Even “bulletproof” code at deployment can later be exposed by zero-day attacks or new vulnerability disclosures.

That’s why security practices must extend into runtime.

Examples:

  • Automated traceability: Instantly locate every artifact containing a vulnerable line of code and pinpoint the pipelines used to deploy it. This allows teams to ship a fix quickly.
  • API monitoring: Track when APIs are being used in unintended ways, which may signal malicious activity or attempts to exploit AI agents.

This level of visibility enables:

  • Faster response
  • Closing security gaps before exploitation
  • Reduced risk of successful compromise
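The automated traceability lookup described above, as an added example (not code from Harness or from the author). It assumes each deployed artifact has a component list, as an SBOM would provide, joined with the pipeline and environment that shipped it, and it matches on component version rather than individual lines of code; the inventory, registry names and component names are constructed.

```python
from collections import defaultdict

# Constructed inventory: per-artifact components joined with deployment records.
INVENTORY = [
    {"artifact": "registry.example/payments:1.8.2", "pipeline": "payments-release",
     "environment": "production", "components": {"libbar": "0.9.1", "libfoo": "1.2.0"}},
    {"artifact": "registry.example/payments:1.9.0-rc1", "pipeline": "payments-release",
     "environment": "staging", "components": {"libbar": "0.9.3", "libfoo": "1.2.0"}},
    {"artifact": "registry.example/ledger:4.0.1", "pipeline": "ledger-release",
     "environment": "staging", "components": {"libbar": "0.9.2"}},
    {"artifact": "registry.example/ledger:3.9.7", "pipeline": "ledger-release",
     "environment": "production", "components": {"libbar": "0.9.0"}},
    {"artifact": "registry.example/web:2.2.0", "pipeline": "web-release",
     "environment": "production", "components": {"libfoo": "1.2.0"}},
]


def parse_version(text):
    # Assumption: component versions are plain dotted integers (e.g. "0.9.1").
    return tuple(int(part) for part in text.split("."))


def affected(inventory, component, introduced, fixed):
    """Artifacts shipping `component` in [introduced, fixed), grouped by pipeline."""
    lo, hi = parse_version(introduced), parse_version(fixed)
    by_pipeline = defaultdict(list)
    for record in inventory:
        version = record["components"].get(component)
        if version is not None and lo <= parse_version(version) < hi:
            by_pipeline[record["pipeline"]].append(
                (record["environment"], record["artifact"], version))
    # List production deployments first within each pipeline.
    return {name: sorted(hits, key=lambda h: h[0] != "production")
            for name, hits in by_pipeline.items()}


if __name__ == "__main__":
    for pipeline, hits in affected(INVENTORY, "libbar", "0.9.0", "0.9.3").items():
        for environment, artifact, version in hits:
            print(f"{pipeline}: {artifact} ({environment}) ships libbar {version}")
```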

Fighting fire with fire

To stay secure in an AI-first world, engineering leaders must give their teams the same advantages adversaries already have.

The best way forward: Turn AI from a threat into an ally that boosts speed, scalability, and security across the software delivery lifecycle.


💬 Discussion
How is your team applying AI in your pipelines?
What strategies have helped you integrate agents into automated CI/CD?

👉 Share your experiences with the community.

About the Author:

For over 15 years, Adam Arellano has elevated enterprise cloud, AI, and cybersecurity capabilities by leading strategic initiatives aligned with core business goals and missions. From modernizing Veritone’s technology stacks and supporting PayPal Ventures portfolio companies to evolving the product security architecture at Binti, Adam has built a career defined by transforming technology cornerstones into competitive advantages.

More than an information security executive, Adam is a steadfast advocate for cultivating collaborative workplace cultures that champion DEI initiatives and professional growth. He is equally passionate about guiding emerging startups through their most critical funding and growth phases, leveraging his extensive technical expertise and proven business acumen to help organizations achieve their most imperative goals.

© 2026 Harness Inc.